From 125900faf2270fbfbe00b294bdfdc6a28b9033fa Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Sat, 4 Jun 2016 18:13:26 +0100
Subject: [PATCH] Disable password logins for mesh nodes If you need to get ssh access then manually add a public key to authorized_keys
---
 src/freedombone-image-mesh | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
diff --git a/src/freedombone-image-mesh b/src/freedombone-image-mesh
index 17731b74..4cf8313a 100755
--- a/src/freedombone-image-mesh
+++ b/src/freedombone-image-mesh
@@ -36,6 +36,8 @@ PEER_ID=
 INSTALL_DIR=/root/build
 INSTALL_LOG=/var/log/${PROJECT_NAME}.log
+DEFAULT_USERNAME=fbone
+
 TOX_NODES=
 #TOX_NODES=(
 # '192.254.75.102,2607:5600:284::2,33445,951C88B7E75C867418ACDB5D273821372BB5BD652740BCDF623A4FA293E75D2F,Tox RELENG,US'
@@ -506,6 +508,26 @@ function configure_toxcore {
 echo $'toxic client configured' >> $INSTALL_LOG
 }
+function disable_password_logins {
+ if [ ! -d /home/$DEFAULT_USERNAME ]; then
+ echo $"Home directory for $DEFAULT_USERNAME not found"
+ exit 3682572
+ fi
+
+ # create an authorized_keys file
+ if [ ! -d /home/$DEFAULT_USERNAME/.ssh ]; then
+ mkdir -p /home/$DEFAULT_USERNAME/.ssh
+ fi
+ if [ ! -f /home/$DEFAULT_USERNAME/.ssh/authorized_keys ]; then
+ touch /home/$DEFAULT_USERNAME/.ssh/authorized_keys
+ fi
+ chown -R $DEFAULT_USERNAME:$DEFAULT_USERNAME /home/$DEFAULT_USERNAME/.ssh
+
+ # disable password logins
+ sed -i 's|#PasswordAuthentication.*|PasswordAuthentication no|g' /etc/ssh/sshd_config
+ sed -i 's|PasswordAuthentication.*|PasswordAuthentication no|g' /etc/ssh/sshd_config
+}
+
 if [ -f /root/.initial_mesh_setup ]; then
 if [ $1 ]; then
 MY_USERNAME=$1
@@ -530,6 +552,7 @@ if [ -f /root/.initial_mesh_setup ]; then
 #compile_tox_client
 configure_toxcore
 configure_zeronet
+ disable_password_logins
 rm /root/.initial_mesh_setup
 systemctl disable mesh-setup.service
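Review bot: The two `sed` substitutions at the end of disable_password_logins only rewrite a `PasswordAuthentication` line that already exists, so if /etc/ssh/sshd_config on the image lacks the directive nothing changes and sshd keeps its default of accepting passwords. The second pattern is also unanchored, so it rewrites any line containing the word, explanatory comments included. I would anchor the pattern, add the directive when no line matched, and set 700/600 on .ssh and authorized_keys instead of relying on the umask. Keyboard-interactive authentication through PAM is a separate setting and may still accept passwords, which is worth checking on the target image. The function also keys everything on DEFAULT_USERNAME while the trailing context of this hunk assigns MY_USERNAME from `$1`; if those can differ, the directory check exits before the caller removes /root/.initial_mesh_setup, though the rest of the caller is outside the hunk.

```shell
function disable_password_logins {
    # … unchanged: home directory check, creation of .ssh and authorized_keys, chown …
    chmod 700 /home/$DEFAULT_USERNAME/.ssh
    chmod 600 /home/$DEFAULT_USERNAME/.ssh/authorized_keys

    # disable password logins: rewrite only real or commented-out directive lines
    sed -i -E 's|^[#[:space:]]*PasswordAuthentication[[:space:]].*|PasswordAuthentication no|' /etc/ssh/sshd_config
    # sshd falls back to "yes" when the directive is absent, and the first
    # value it reads wins, so put the setting at the top if nothing matched
    if ! grep -q '^PasswordAuthentication no' /etc/ssh/sshd_config; then
        sed -i '1i PasswordAuthentication no' /etc/ssh/sshd_config
    fi
}
```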